“What about all those hackers on the fringes of business in Eastern Europe and North Korea?” — The Information’s Martin Peers
From Peers’ “The hole in Apple’s security argument” ($) posted Tuesday to The Information subscribers:
Next time Apple executives argue that they can’t relax rules around their iOS App Store for fear of allowing a malware invasion, let’s remember today, when the company sued Israeli firm NSO in retaliation for allegedly infecting iPhones with spyware. Yes, as secure as Apple claims the iPhone to be, the devices are apparently no match for those with the resources to look for vulnerabilities in its software.
This isn’t news, of course. Apple, like Microsoft and Google, is constantly patching security holes in its software, as news reports demonstrate. The inconsistency between that patch activity and Apple’s security boasts is one the iPhone maker usually prefers not to dwell on. What’s fascinating about Apple’s lawsuit is how it contorts itself to explain away the seeming contradiction that a device that purports to be secure actually isn’t.
“Security researchers agree that [the] iPhone is the safest, most secure consumer mobile device on the market,” says Apple’s complaint, filed in federal court in Northern California. “A recent study found that 98% of mobile malware targets Android devices.” Translation: No devices are secure, but Apple’s devices are less of a problem than others. Unfortunately, all it takes is one piece of malware to ruin your day—or drain your bank account.
With this lawsuit—which, as The New York Times notes, follows a lawsuit by Meta Platforms against NSO—Apple can add to the pressure on NSO and possibly achieve something. But what about all those hackers on the fringes of business in Eastern Europe and North Korea? Somehow the threat of a lawsuit filed by Apple in California doesn’t seem likely to scare them. Security vulnerabilities are a fact of life—for owners of iPhones and Android devices. Consumers have to defend themselves by, for instance, not putting sensitive information like driver’s licenses on their phones (much as Apple might want them to). Lawsuits can only do so much.
My take: OK, Martin, what do you suggest?